cbcvebase.
CVE-2021-1300
published 2021-01-20

CVE-2021-1300: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more…

PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.13%
79.7th percentile
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected

7 ranges
VendorProductVersion rangeFixed in
ciscocisco_sd-wan_solution
ciscosd-wan
ciscosd-wan_firmware
ciscosd-wan_firmware
ciscosd-wan_firmware
ciscosd-wan_firmware
ericssoncodechecker>= 0 < 6.24.66.24.6

Detection & IOCsextracted from sources · hover to see the quote

  • ·CVE-2021-1300 is a buffer overflow vulnerability in Cisco SD-WAN products (Bug IDs: CSCvi69895, CSCvt11525). The provided sources contain only high-level advisory text with no concrete IOCs, attack commands, signatures, or operational indicators published.
  • ·No workarounds are available per the vendor advisory; only software updates address these vulnerabilities.
  • ·CWE classifications are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-20 (Improper Input Validation), which may guide detection rule development targeting malformed/oversized input to SD-WAN interfaces.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa7.4HIGH
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.